Jul 30 2021

Android Banking Trojan Vultur uses screen recording for credentials stealing

Category: TrojanDISC @ 11:15 pm
Android Banking Trojan Vultur uses screen recording for credentials stealing

Experts spotted a new strain of Android banking Trojan dubbed Vultur that uses screen recording and keylogging for the capturing of login credentials.

ThreatFabric researchers discovered a new Android banking Trojan, tracked as Vultur, that uses screen recording and keylogging to capture login credentials.

Vultur was first spotted in late March 2021, it gains full visibility on victims’ devices via VNC (Virtual Network Computing) implementation taken from AlphaVNC.

“For the first time we are seeing an Android banking trojan that has screen recording and keylogging as main strategy to harvest login credentials in an automated and scalable way. The actors chose to steer away from the common HTML overlay strategy we usually see in other Android banking Trojans: this approach usually requires more time and effort from the actors in order to steal relevant information from the user. Instead, they chose to simply record what is shown on the screen, effectively obtaining the same end result.” reads the analysis published by ThreatFabric.

Most of the apps targeted by Vultur belong to banks in Italy, Australia and Spain, experts discovered a link with a popular dropper framework called Brunhilda.

Viruses, Hardware and Software Trojans: Attacks and Countermeasures

Tags: Banking Trojan, credentials stealing

Jul 30 2021

Storing Encrypted Photos in Google’s Cloud

Category: Cloud computing,CryptograghyDISC @ 8:21 am
Storing Encrypted Photos in Google’s Cloud

STORING YOUR DATA IN THE CLOUD

STORING YOUR DATA IN THE CLOUD by [Lursa Muuda]

Tags: Encrypted Photos, STORING YOUR DATA IN THE CLOUD

Jul 29 2021

IBM Cost of a Data Breach study: average Cost of Data Breach exceeds $4.2M

Category: Data BreachDISC @ 9:44 am
IBM Cost of a Data Breach study: average Cost of Data Breach exceeds $4.2M

The ‘Cost of a Data Breach’ report commissioned by IBM Security states that the cost of a data breach exceeded $4.2 million during the COVID19 pandemic. IBM Security presented today the annual study “Cost of Data Breach,” conducted by Ponemon Institute…

Tags: data breach, data breach cost

Jul 28 2021

How is Cloud Infrastructure Security Important for an Organization?

Category: Cloud computingDISC @ 12:16 pm
Top 5 Benefits of Cloud Infrastructure Security 

Embracing new technologies lead to qualitative growth but simultaneously holds high chances of quantitative data breaches. While adopting cloud technology, it is important to see the security of cloud infrastructure as one of the crucial responsibilities. There are various organizations out there that are still unsure of the security of their data present in the cloud environment. 

In 2019, Collection #1, a massive data breach held responsible for compromising data set of over 770 million unique email addresses and 21 million unique passwords. The collection of data files was stored on a cloud storage service and MEGA. Similarly, information of over 108 million bets’ records was leaked by an online casino group. The leaked data included details of customers’ personal information along with deposits and withdrawals.

Then the same year, a famous food delivery service providing firm was breached, compromising the data of 4.9 million users, including consumers and delivery employees.

Additionally, a post from Security Boulevard says acording to a survey almost 98% of the companies had witnessed at least one cloud data breach in the past 18 months,  that is compared to 79% in 2020.

Here are the five major benefits that you gain from cloud infrastructure security solutions:

  • Data Security

Nowadays, cloud computing servers are becoming susceptible to data breaches. Cloud infrastructure security solutions help in ensuring that data like sensitive information and transaction is protected. It also helps in preventing the third party from tampering with the data being transmitted.

  • DDoS Protection 

Distributed denial of service, aka DDoS attacks, is infamously rising and deployed to flood the computer system with requests. As a result, the website slows down to load to a level where it starts crashing when the number of requests exceeds the limit of handling. Cloud computing security provides solutions that focus on stopping bulk traffic that targets the company’s cloud servers. 

  • Constant Support 

When it comes to the best practices of cloud infrastructure security solutions, it offers consistent support and high availability to support the company’s assets. In addition, users get to enjoy the benefit of 27/7 live monitoring all year-round. This live monitoring and constant support offer to secure data effortlessly.

  • Threat Detection

Infrastructure security in the cloud offers advanced threat detection strategies such as endpoint scanning techniques for threats at the device level. The endpoint scanning enhances the security of devices that are accessing your network. 

  • Supervision of Compliance

In order to protect data, the entire infrastructure requires to be working under complaint regulations. Complaint secured cloud computing infrastructure helps in maintaining and managing the safety features of the cloud storage. 

The points mentioned above are clear enough to state how beneficial and vital is cloud infrastructure security for an organization. Unfortunately, there are very many high-profile cases that have been witnessed in past years relating to data breaches. 

To patch the loopholes and strengthen the IT infrastructure security, it is crucial to keep the security of cloud storage services a high priority. Engage with the top-class cloud computing security tools to get better results and have the data secured.

Cloud Security

Tags: cloud computing risks, Cloud Infrastructure Security, cloud security, cloudcomputing

Jul 28 2021

Getting cyber secure with penetration testing

Category: Pen TestDISC @ 10:00 am

To achieve real cybersecurity, business leaders must implement the right solutions to protect their assets from cyber threats. Checkout Cobalt PenTest as a Service to find out how to keep your organization secure from a cyber attack with effective penetration testing, and discover:

  • Why even the smallest business is a potential target
  • What penetration testing is, and how it works
  • The types of vulnerabilities that can exist for months without being detected
  • Why penetration tests are the best solution to uncovering vulnerabilities before criminals do
  • The difference types of penetration test

Jul 27 2021

Cracking Password Protected ZIP, RAR & PDF using Zydra

Category: Password SecurityDISC @ 11:00 am
Cracking Password Protected ZIP, RAR & PDF using Zydra

Having confidential documents on a system, like a pdf of financial data or a zip including personal images and videos, ensure they’re password-protected so nobody else can access them. Encrypting documents with a password provides security that although the device is under attack, the attackers would be unable to view files while on the system.

Even so, just like everything else, when files have a password, this can be brute-forced. And here we’re trying to understand about zydra, a file brute-forcing tool, and see how it works by brute-forcing a document and inspecting the details. You will only need a Kali Linux and some encrypted files to perform this tutorial. Zydra works in two modes: brute force and dictionary. And we will try the example on each way.

Table of Contents

Password Cracking Manual

Jul 26 2021

How to develop a skilled cybersecurity team

Category: cyber security,InfoSec jobsDISC @ 10:19 am
How to develop a skilled cybersecurity team

What skills should aspiring information security workers possess and work on? What certifications can come in handy more than others? What strategies should organizations employ to develop a well-staffed cybersecurity team? Where should they look for talent? What advice do those already working in the field have for those who want to enter it?

(ISC)² wanted to know the answer to these and other questions, so they asked 1,024 infosec professionals and 1,010 cybersecurity job pursuers in the U.S. and Canada.

What do the information security professionals say?

Cybersecurity Workforce : Staffing Needs, Skills Requirements and Coding Procedures

Cybersecurity Workforce

Tags: cybersecurity team, cybersecurity workforce shortage

Jul 24 2021

Obtaining password hashes of Windows systems with PetitPotam attack

Category: Windows SecurityDISC @ 2:42 pm
Obtaining password hashes of Windows systems with PetitPotam attack

A researcher found a flaw in Windows OS, tracked as PetitPotam, that can be exploited to force remote Windows machines to share their password hashes.

Security researcher Gilles Lionel (aka Topotam) has discovered a vulnerability in the Windows operating system that allows an attacker to force remote Windows machines to authenticate and share their password hashes with him. The news of the attack was first reported by The Record.

The attack abuse the Encrypting File System Remote (EFSRPC) protocol, which is used to perform maintenance and management operations on encrypted data that is stored remotely and accessed over a network.

Lionel also published a proof-of-concept (PoC) exploit code on GitHub.

“PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw function. This is possible via other protocols and functions as well  .” reads the description provided by the expert.

“The tools use the LSARPC named pipe with inteface c681d488-d850-11d0-8c52-00c04fd90f7e because it’s more prevalent. But it’s possible to trigger with the EFSRPC named pipe and interface df1941c5-fe89-4e79-bf10-463657acf44d.”

In the PetitPotam attack demonstrated by the expert, he sent SMB requests to a remote system’s MS-EFSRPC interface and forced its system to initiate an authentication procedure and share its NTLM authentication hash.

The NTLM authentication hash can be used to carry out a relay attack or can be lately cracked to obtain the victim’s password. The PetitPotam attack can be very dangerous because it allows attackers to take over a domain controller and compromise the entire organization.

Tags: PetitPotam attack

Jul 23 2021

Over 80 US Municipalities’ Sensitive Information, Including Resident’s Personal Data, Left Vulnerable in Massive Data Breach

Category: Data Breach,data securityDISC @ 12:55 pm
Over 80 US Municipalities’ Sensitive Information, Including Resident’s Personal Data, Left Vulnerable in Massive Data Breach

WizCase’s team of ethical hackers, led by Ata Hakçıl, has found a major breach exposing a number of US cities, all of them using the same web service provider aimed at municipalities.

Original post at https://www.wizcase.com/blog/us-municipality-breach-report/

What’s Happening?

Over a 100 US cities appeared to be using the same product, mapsonline.net, provided by an American company named PeopleGIS. The data of these municipalities was stored in several misconfigured Amazon S3 buckets that were sharing similar naming conventions to MapsOnline. Due to this, we believe these cities are using the same software solution. Our team reached out to the company and the buckets have since been secured.

PeopleGIS is a Massachusetts-based company specializing in information management software. Many city municipalities in the state of Massachusetts and a few in surrounding states like Connecticut and New Hampshire use their software and platforms to manage a variety of data.

Our scanner revealed 114 Amazon Buckets that were named after the same pattern, revealing the connection to PeopleGIS. Among these, 28 appeared to be properly configured (meaning they weren’t accessible), and 86 were accessible without any password nor encryption.

This means there are 3 options:

  • PeopleGIS created and handed over the buckets to their customers (all municipalities), and some of them made sure these were properly configured;
  • The buckets were created and configured by different employees at PeopleGIS, and there were no clear guidelines regarding the configuration of these buckets;
  • The Municipalities created the buckets themselves, with PeopleGIS guidelines about the naming format but without any guidelines regarding the configuration, which would explain the difference between the municipalities whose employees knew about it or not.

What Data Was Left Vulnerable?

Big Breaches

Data Breaches: Crisis and Opportunity

Tags: Big Breaches, data breaches, Massive Data Breach, Municipalities’ Sensitive Information

Jul 23 2021

Questions that help CISOs and boards have each other’s back

Category: CISO,vCISODISC @ 11:27 am
Questions that help CISOs and boards have each other’s back

The ransomware threat posed by organized crime groups is considerable, and its impact can be devastating and threaten the entire business. This makes it imperative for boards to ensure the company has taken necessary cybersecurity precautions to resist the threat. Additionally, executives have seen the value of efficient infosec firsthand over the last eighteen months. The efforts security teams have made to keep businesses safely functioning during a global pandemic have been impressive, if not heroic.

Regardless of why the C-level is focusing on IT infrastructure and strategy, this interest presents an opportunity for security teams. I know this is true because over the last few years F-Secure’s board has been refining how we cooperate to make better decisions about our security posture and risk appetite.

At the core of this process has been the creation of questions we use to make the best use of our time together. When approached holistically and answered honestly, these queries allow us to understand if we are focused on the right things, whether we are achieving our goals, and where our gaps are.

Since we would have benefited by having a list to start with, we’re sharing five of ours now to help other organizations.

Start with the easier ones

Here are the first three questions that I expect board members to ask me whenever they get a chance:

  • What are the key threats against your top assets?
  • How do you protect your assets from cybersecurity threats?
  • Whose responsibility is it to implement protections?

Questions that help CISOs and boards have each other’s back

Chief Information Security Officer

Tags: CISO, CISO implementation guide, Fractional CISO, vCISO

Jul 22 2021

3 Signs It’s Time to Rethink Your PCI Pen Testing Strategy

Category: Information Security,pci dss,Pen TestDISC @ 12:03 pm

Download pdf: 3 sign it’s time to rethink your PCI PenTesting Strategy

Learn more about PenTest as a Service

Procuring Penetration Testing Services by Crest

Tags: PCI Pen Testing Strategy

Jul 22 2021

Don’t get tricked by this crashtastic iPhone Wi-Fi hack!

Category: Mobile SecurityDISC @ 11:34 am
Don’t get tricked by this crashtastic iPhone Wi-Fi hack!

About a month ago, a security researcher revealed what turned out to be zero-day bug in Apple’s Wi-Fi software, apparently without meaning to:

Carl Schou, founder of an informal hacker collective known as Secret Club, “created originally as a gag between friends who are passionate about technical subjects”, seems to have been doing what bug-hunters do…

…and trying out a range of potentially risky values in the Wi-Fi settings on his iPhone.

Schou set up a Wi-Fi access point with a network name (ESSID) of %p%s%s%s%s%n, and then deliberately connected his iPhone to it in order to check for what are known as format string vulnerabilities.

This sort of vulnerability is considered somewhat old-school these days, but as we have had good reason to say many times on Naked Security, “never assume anything” in the world of cybersecurity, and it seems that Schou followed this advice, and unexpectedly unearthed up a genuine bug.

Don’t get tricked by this crashtastic iPhone Wi-Fi hack!

Tags: iPhone Wi-Fi hack

Jul 22 2021

XLoader, a $49 spyware that could target both Windows and macOS devices

Category: Information Security,SpywareDISC @ 10:30 am
XLoader, a $49 spyware that could target both Windows and macOS devices

Check Point Research (CPR) experts have spotted a cheap malware, dubbed XLoader variant, which was upgraded to target both Windows and macOS PCs.

XLoader is a very cheap malware strain that is based on the popular Formbook Windows malware. 

FormBook is a data-stealing malware that is used in cyber espionage campaigns, like other spyware it is capable of extracting data from HTTP sessions, keystroke logging, stealing clipboard contents. FormBook can also receive commands from a command-and-control (C2) server to perform many malicious activities, such as downloading more payloads. FormBook was offered for sale in the criminal underground since July, it goes for $29 a week up to a $299 full-package “pro” deal. The customers pay for access to the platform and generate their executable files as a service.

The malware was pulled from sale in 2017, but it continued to infect systems across the world. In March 2020, MalwareHunterTeam uncovered a Coronavirus (COVID-19)-themed campaign that was distributing a malware downloader that delivers the FormBook information-stealing Trojan.

CPR team has now monitored XLoader since it first appeared in the threat landscape in February. XLoader borrows the code base with Formbook, but it also included major improvements, such as the capability of compromising macOS systems.

“On February 6, 2020 a new era began: the era of the Formbook successor called XLoader. On this day, XLoader was advertised for sale in one of the underground groups.” states the report published by CheckPoint. “On October 20, 2020, XLoader was offered for sale on the same forum which was used for selling Formbook.”

XLoader, a $49 spyware that could target both Windows and macOS devices

Tags: Spyware, XLoader

Jul 22 2021

Top 10 Tips to Protect Against OWASP Top 10 Vulnerabilities

Category: Security vulnerabilities,Web SecurityDISC @ 10:13 am
Top 10 Tips to Protect Against OWASP Top 10 Vulnerabilities

OWASP Top 10 vulnerabilities is a list of the 10 most common security vulnerabilities in applications. The Top 10 OWASP web application security vulnerabilities are updated every 3-4 years. Last updated in 2017, the vulnerabilities featuring on the list are:

  • Injection
  • Broken Authentication
  • Sensitive Data Exposure
  • XML External Entities (XXE)
  • Broken Access Control
  • Security Misconfigurations
  • Cross-Site Scripting (XSS)
  • Insecure Deserialization
  • Using Components with Known Vulnerabilities
  • Insufficient Logging and Monitoring

OWASP Top 10 vulnerabilities help raise awareness of the latest threats facing websites and web applications. Organizations and developers can leverage this list to ensure secure coding, tune up security and keep their security posture fortified.

In this article, we equip you with 10 power-packed tips to protect your applications against the OWASP Top 10.

OWASP A Complete Guide - 2021 Edition by [Gerardus Blokdyk]

OWASP Testing Guide v4 by [OWASP OWASP]

Tags: OWASP Top 10 Vulnerabilities

Jul 21 2021

Windows “HiveNightmare” bug could leak passwords – here’s what to do!

Category: Password Security,Windows SecurityDISC @ 1:24 pm
Windows “HiveNightmare” bug could leak passwords – here’s what to do!

Windows “hives” contain registry data, some of it secret. The nightmare is that these files aren’t properly protected against snooping.

As if one Windows Nightmare dogging all our printers were not enough…

…here’s another bug, disclosed by Microsoft on 2021-07-20, that could expose critical secrets from the Windows registry.

Denoted CVE-2021-36934, this one has variously been nicknamed HiveNightmare and SeriousSAM.

The moniker HiveNightmare comes from the fact that Windows stores its registry data in a small number of proprietary database files, known in Microsoft jargon as hives or hive files.

These hive files include a trio called SAMSECURITY and SYSTEM, which between them include secret data including passwords and security tokens that regular users aren’t supposed to be able to access.

They’re kept in a special, and supposedly secure, folder under the Windows directory called C:\Windows\System32\config, as you see here:

C:\Windows\System32\config> dir
[. . .]
Directory of C:\Windows\System32\config
[. . .]
21/07/2021  12:57           524,288 BBI
25/06/2021  06:21            28,672 BCD-Template
21/07/2021  14:45        32,768,000 COMPONENTS
21/07/2021  12:57           786,432 DEFAULT
21/07/2021  12:32         4,194,304 DRIVERS
[. . .]
21/07/2021  12:57            65,536 SAM       <--some system secrets included
21/07/2021  12:57            32,768 SECURITY  <--some system secrets included
21/07/2021  12:57        87,556,096 SOFTWARE
21/07/2021  12:57        11,272,192 SYSTEM    <--some system secrets included
[. . .]

The moniker SeriousSAM comes from the filename SAM, which is short for Security Account Manager, a name that sounds as serious as the file’s content’s are.

Tags: HiveNightmare

Jul 21 2021

Defending Against Pervasive Spyware

Category: SpywareDISC @ 10:42 am
Defending Against Pervasive Spyware

The revelation that Israeli company NSO Group’s spy software Pegasus was targeting the smartphones of activists, journalists and business executives sent a shockwave through the international press.

The spyware successfully infiltrated the mobile devices of more than 50,000 people, from Mexican president AndrĂ©s Manuel LĂłpez Obrador to reporters from CNN to Claude Mangin, the French wife of a political activist jailed in Morocco.

Simply put: if spyware can infect and infiltrate the world’s elite on every corner of the planet, that means the threat to organizations and individuals must be taken seriously. Spyware impacts everyone.

Moreover, in today’s work-from-anywhere world, mobile devices are critical to any job, and the ability to access email, customer information and proprietary data while on the go is non-negotiable.

Mobile Devices are Mission-Critical

Because of the wealth of data that can be accessed from a mobile device, companies must treat these devices as mission-critical to business continuity.

This means having control and visibility into what is happening on a mobile device, so they can prevent spyware attacks from compromising critical data.

Shawn Smith, director of infrastructure at application security provider nVisium, pointed out that the transition to a remote work style has changed the attack vector for spyware slightly.

“For example, in the past, all the networking gear in an office would be tightly controlled, monitored and patched for security issues as needed,” he said. “However, in a world where employees can work from anywhere, their home networking equipment becomes a new security issue.”

Smith said with such a wide variety of equipment that can be used, often in an unmaintained and unsecured state, this makes the issue of spyware much harder to defend against.

“You have to double your efforts on the security and encryption of the devices you can control, such as the employee’s corporate computer, and rely less on the network monitoring approach that was used in the past,” he said.

Tags: Pervasive Spyware

Jul 20 2021

NSO Group Hacked

Category: Cyber Espionage,Cyber Spy,Cybercrime,Cyberweapons,Hacking,Malware,Smart PhoneDISC @ 1:36 pm
NSO Group Hacked

There’s a lot to read out there. Amnesty International has a report. Citizen Lab conducted an independent analysis. The Guardian has extensive coverage. More coverage.

Worldwide probe finds tech by Israel's NSO Group targeted media, politicians | The Times of Israel

Most interesting is a list of over 50,000 phone numbers that were being spied on by NSO Group’s software. Why does NSO Group have that list? The obvious answer is that NSO Group provides spyware-as-a-service, and centralizes operations somehow. Nicholas Weaver postulates that “part of the reason that NSO keeps a master list of targeting…is they hand it off to Israeli intelligence.”

This isn’t the first time NSO Group has been in the news. Citizen Lab has been researching and reporting on its actions since 2016. It’s been linked to the Saudi murder of Jamal Khashoggi. It is extensively used by Mexico to spy on — among others — supporters of that country’s soda tax.

 here’s a tool that you can use to test if your iPhone or Android is infected with Pegasus. (Note: it’s not easy to use.)

7 Steps to Removing Spyware

7 Steps to Removing Spyware by Nick Laughter

Spyware and Adware

Spyware and Adware

Tags: Amnesty International, mobile spyware, NSO Group Hacked, rouge anti-spyware, Spyware, Spyware and Adware

Jul 15 2021

China Taking Control of Zero-Day Exploits

Category: Zero dayDISC @ 11:39 am
China Taking Control of Zero-Day Exploits

Countdown to #ZeroDay: #Stuxnet and the Launch of the World’s First #DigitalWeapon

Tags: china, cybersecurity, cyberweapons, Digital Weapons, disclosure, Stuxnet, vulnerabilities, zero-day, Zero-Day Exploits

Jul 14 2021

Pentests are required for ISO 27001 or SOC2 audits

Category: ISO 27k,Pen TestDISC @ 3:32 pm

Pentests are required for ISO 27001 or SOC2 audits: download pdf

Why do organizations need to conduct a penetration test?

Tags: 27001 or SOC2 audits

Jul 14 2021

Data breaches and cyber attacks quarterly review: Q2 2021

Category: Cyber Attack,Data BreachDISC @ 11:18 am
Data breaches and cyber attacks quarterly review: Q2 2021

Tags: Data breaches and cyber attacks

« Previous PageNext Page »